Opened 8 years ago
Closed 8 years ago
#253 closed task (duplicate)
add option to disable gifts
| Reported by: | Brian Warner | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | undecided |
| Component: | introduction | Version: | 0.9.1 |
| Keywords: | Cc: |
Description
Leif originally wanted this to provide security in his FURL-rewriting Tahoe+Tor proposal (in which Tahoe parses the FURLs coming in from the introducer, replaces all the "tcp:" ones with "tor:", rejects anything it doesn't recognize, reassembles everything, then submits the result to Foolscap). In that scheme, any gifts (3rd-party references) would bypass the FURL-rewriting code, and would reveal the Tub's real IP address to the target of the gift.
I think I convinced him to use a different approach (foolscap connection handlers), but I think there might be other reasons to be able to deny automatic connections to 3rd-party references.
This would involve changing the inbound deserialization table, to remove the "their-reference" unslicer type. Also a tub.setOptions() value to control it, and some tests. Maybe an improved error messgae, but maybe not.
Heh. I did this already, in exactly the same way I suggested here, back in the foolscap-0.9.0 release (last september). Ticket #126 and commit [812616ce].